Tag Archive for FOI

Copyright and FOIA

FOIMan writes about the relationship between copyright and freedom of information.

Practitioners and others often get confused about the way that copyright interacts with FOI. In this piece for the Freedom of Information Journal, I attempt to provide some clarity. In summary, whilst public authorities retain copyright in much of the information that they disclose, it will often be difficult for them to prevent requesters and others from re-using disclosed data.

Back to the FOIA: FOI, historical records and archives

FOIMan writes about the relationship between FOI and the past.

Way back before I got involved with FOI, I started my career as an archivist. In my latest article for the Freedom of Information Journal, I’ve written about the complex relationship between FOI, historical records and archives. Both archives and FOI provide means to hold public authorities to account. So how do they interact – and is FOI damaging archives?

You can find out by reading the article here.

FOI enforcement developments

FOIMan notes a couple of developments on FOI enforcement.

A brief note of two important enforcement actions taken by the Information Commissioner’s Office (ICO) in the last few weeks.

First off, the Royal Borough of Kensington and Chelsea has been given a Monetary Penalty Notice of £120,000 for accidentally disclosing personal data. The FOI Officer apparently failed to notice that a spreadsheet contained a pivot table which held personal data in it. This is similar of course to a previous MPN given to the London Borough of Islington a few years ago. The council was criticised in particular for failing to train its FOI Officers adequately.

Even more notably, and in a first, it was reported this week that the ICO is prosecuting a councillor with Thanet District Council in Kent under s.77. Whilst this provision has always been there to sanction the destruction, hiding or alteration of records to avoid FOI, it has never been used by the ICO. The case will be heard in September, so one to watch.

FOI and Open Data Developments

FOIMan reports on a new strategy from the ICO and a move for open data (and data sharing) responsibilities in government.

Elizabeth Denham, Information Commissioner

Elizabeth Denham

I’m briefly emerging from my monastic cell to note some recent developments in FOI that may have passed you by amidst frenzied GDPR preparations.

The Information Commissioner recently gave the annual Jenkinson Lecture at University College London. In it, she made intriguing reference to a new ICO FOI strategy. What does this strategy consist of?

  1. The Commissioner wants to augment the “request-based, and frankly, reactive” model of FOI. There appears to be a new focus on pro-active disclosure, and linked to this, the Commissioner is interested in giving new impetus to open data initiatives, particularly focussing on making them more sustainable. Self-assessment tools for public authorities are mooted.
  2. She wants FOI to expand to reflect changes in the way that public services are run (not a new call, of course). Housing Associations were particularly singled out for attention.
  3. She remains concerned about compliance with FOI deadlines, and is keen to explore ways to improve these. The publication of FOI statistics proposed by the FOI Commission in March 2016 (and more recently included in the draft s.45 Code of Practice released before Christmas) was highlighted, and it was suggested that the Commissioner could carry out audits even where no specific complaint has been received (or ‘own-motion compliance investigations’).
  4. Access Impact Assessments may be coming your way. Presumably inspired by her office’s preparations for GDPR, the Commissioner suggested that assessments should be made of the “access impact of new systems and initiatives”.

News of such a strategy is interesting in its own right, but I read earlier today of changes to responsibilities in central government (what are known as ‘changes to the machinery of government’). Responsibility for open data policy, together with data sharing, data governance and data ethics has moved from the Government Digital Service (in the Cabinet Office) to the Department for Digital, Culture, Media and Sport (DCMS). Could the Commissioner’s comments on open data be linked to this move, perhaps? And are there moves afoot to move FOI to DCMS as well? It would make sense – but machinery of government changes don’t always appear to be made with good sense in mind.

FOI and the General Data Protection Regulation

FOIMan considers how the General Data Protection Regulation (GDPR) affects the Freedom of Information Act (FOI) and its administration.

Happy new year! 2018 is finally here and only a matter of months remain before the GDPR applies to anyone that processes personal data. You may have noticed that I’ve been fairly quiet online of late, and one reason for that is that I’ve been busy travelling the country delivering GDPR training to a range of organisations. Another reason will become clear in due course…

My first love is (when it comes to information rights anyway), of course, FOI. So given that I’ve been giving so much thought to GDPR, it made sense to think about how the new law affects FOI.

A few months ago I blogged briefly about an obscure schedule of the Data Protection Bill (hopefully soon to become the Data Protection Act 2018) that made amendments to FOI in order to ensure that the exemption for personal data will still work effectively with GDPR. It’s important that these changes happen otherwise there would be a conflict between FOI and the new data protection regime. Not making them could lead to personal data being disclosed when it shouldn’t be, or, as I indicated in my blogpost, to less information being disclosed than might have been in the past.

However, GDPR doesn’t just mean changes to other legislation. It means that any organisation processing personal data has to ensure that that processing meets its requirements. That includes public authorities.

What might be forgotten is that the handling of FOI requests invariably involves the processing of personal data. Some of that processing will be expected by applicants and will be easy to justify; some of it won’t be. When I gave a presentation about this to a group of practitioners in December, there were some audible gasps (of recognition primarily) as I listed some of the things that public authorities routinely do with personal data whilst processing FOI requests, but are often done without much thought. It’s not necessarily that those activities are wrong, you understand; but GDPR (if not the current Data Protection Act) requires all public authorities to give some thought to how they are justified. They’ll also need to ensure that they meet the other requirements of GDPR.

In my latest piece for PDP’s Freedom of Information Journal I’ve looked at the FOI amendments in the Data Protection Bill (at least as it stood in October when this piece was written). I’ve also examined how FOI requests are handled and what practitioners will want to be looking at to prepare for GDPR. A lot of the things I discuss will be relevant for other correspondence processes as well.

Have a read. I hope it gives you some food for thought at the start of what will be a very busy and interesting year.